tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

apparmor: remove the "task" arg from may_change_ptraced_domain()

Unless task == current ptrace_parent(task) is not safe even under
rcu_read_lock() and most of the current users are not right.

So may_change_ptraced_domain(task) looks wrong as well. However it
is always called with task == current so the code is actually fine.
Remove this argument to make this fact clear.

Note: perhaps we should simply kill ptrace_parent(), it buys almost
nothing. And it is obviously racy, perhaps this should be fixed.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

authored by

Oleg Nesterov and committed by
John Johansen 51775fe7 4a7fc301

+6 -8
+6 -8
security/apparmor/domain.c
··· 50 50 51 51 /** 52 52 * may_change_ptraced_domain - check if can change profile on ptraced task 53 - * @task: task we want to change profile of (NOT NULL) 54 53 * @to_profile: profile to change to (NOT NULL) 55 54 * 56 - * Check if the task is ptraced and if so if the tracing task is allowed 55 + * Check if current is ptraced and if so if the tracing task is allowed 57 56 * to trace the new domain 58 57 * 59 58 * Returns: %0 or error if change not allowed 60 59 */ 61 - static int may_change_ptraced_domain(struct task_struct *task, 62 - struct aa_profile *to_profile) 60 + static int may_change_ptraced_domain(struct aa_profile *to_profile) 63 61 { 64 62 struct task_struct *tracer; 65 63 struct aa_profile *tracerp = NULL; 66 64 int error = 0; 67 65 68 66 rcu_read_lock(); 69 - tracer = ptrace_parent(task); 67 + tracer = ptrace_parent(current); 70 68 if (tracer) 71 69 /* released below */ 72 70 tracerp = aa_get_task_profile(tracer); ··· 475 477 } 476 478 477 479 if (bprm->unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) { 478 - error = may_change_ptraced_domain(current, new_profile); 480 + error = may_change_ptraced_domain(new_profile); 479 481 if (error) { 480 482 aa_put_profile(new_profile); 481 483 goto audit; ··· 688 690 } 689 691 } 690 692 691 - error = may_change_ptraced_domain(current, hat); 693 + error = may_change_ptraced_domain(hat); 692 694 if (error) { 693 695 info = "ptraced"; 694 696 error = -EPERM; ··· 827 829 } 828 830 829 831 /* check if tracing task is allowed to trace target domain */ 830 - error = may_change_ptraced_domain(current, target); 832 + error = may_change_ptraced_domain(target); 831 833 if (error) { 832 834 info = "ptrace prevents transition"; 833 835 goto audit;